diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-02-07 15:22:50 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-02-12 19:14:37 +0100 |
commit | ffa4677c098dd482a92f36f7658103822c39b2fe (patch) | |
tree | 91596a0d054b887fd3a2405082cd03bb526b7b07 /scripts | |
parent | 4e4df7b46deac857b51b29ccbab153edcd67e694 (diff) | |
download | mariadb-git-ffa4677c098dd482a92f36f7658103822c39b2fe.tar.gz |
MDEV-12834 mysql_secure_installation should ask about unix_socket authentication
Optionally, restore the default root authentication, that is
mysql_native_password USING 'invalid' OR unix_socket
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/mysql_secure_installation.sh | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/scripts/mysql_secure_installation.sh b/scripts/mysql_secure_installation.sh index 9b5298949f3..6441bbdabbd 100644 --- a/scripts/mysql_secure_installation.sh +++ b/scripts/mysql_secure_installation.sh @@ -420,8 +420,40 @@ get_root_password # Set the root password # -echo "Setting the root password ensures that nobody can log into the MariaDB" -echo "root user without the proper authorisation." +echo "Setting the root password or using the unix_socket ensures that nobody" +echo "can log into the MariaDB root user without the proper authorisation." +echo + +while true ; do + if [ $emptypass -eq 1 ]; then + echo $echo_n "Enable unix_socket authentication? [Y/n] $echo_c" + else + echo "You already have your root account protected, so you can safely answer 'n'." + echo + echo $echo_n "Switch to unix_socket authentication [Y/n] $echo_c" + fi + read reply + validate_reply $reply && break +done + +if [ "$reply" = "n" ]; then + echo " ... skipping." +else + emptypass=0 + do_query "UPDATE mysql.global_priv SET priv=json_set(priv, '$.plugin', 'mysql_native_password', '$.authentication_string', 'invalid', '$.auth_or', json_array(json_object(), json_object('plugin', 'unix_socket'))) WHERE User='root';" + if [ $? -eq 0 ]; then + echo "Enabled successfully!" + echo "Reloading privilege tables.." + reload_privilege_tables + if [ $? -eq 1 ]; then + clean_and_exit + fi + echo + else + echo "Failed!" + clean_and_exit + fi +fi echo while true ; do |